Taken to Court: Defending Public Health Authority to Access Medical Records During an Outbreak Investigation

Elizabeth R Daly; Jeanne P Herrick; Elizabeth X Maynard; José T Montero; Christine Adamski; Jodie Dionne-Odom; Elizabeth A Talbot; Sharon Alroy-Preis

doi:10.1177/003335491513000315

. 2015 May-Jun;130(3):278–283. doi: 10.1177/003335491513000315

Taken to Court: Defending Public Health Authority to Access Medical Records During an Outbreak Investigation

Elizabeth R Daly ^1,^✉, Jeanne P Herrick ¹, Elizabeth X Maynard ¹, José T Montero ¹, Christine Adamski ¹, Jodie Dionne-Odom ¹, Elizabeth A Talbot ¹, Sharon Alroy-Preis ¹

PMCID: PMC4388227 PMID: 25931633

Protection of an individual's right to privacy is highly valued in American culture and is frequently debated in U.S. legislatures, especially with the increasing availability of electronic information.^1,2 At the same time, legislatures have recognized that privacy rights must sometimes concede to larger societal benefits such as public health protection. In recognition of this necessity, the main federal law that protects patient privacy rights, the Health Insurance Portability and Accountability Act of 1996 (HIPAA),³ expressly states that its privacy provisions do not apply to reporting diseases of public health significance for surveillance, investigation, or intervention, as defined by state law.^4–6 State disease reporting laws also authorize public health officials to access private health information to investigate potential health threats,⁷ and to conduct the medical record reviews that are so important to public health investigation.

The constitutionality of laws protecting private health information has been challenged only infrequently, and the power of the states to pass such laws has been upheld by the U.S. Supreme Court.^8–14 During investigation of an outbreak of hepatitis C virus (HCV) infection at a hospital in 2012, the New Hampshire Department of Health and Human Services (NHDHHS) conducted reviews of the electronic medical records (EMRs) of patients who might have been related to the outbreak. The purpose of the reviews was to determine the outbreak's source to prevent additional infections. The hospital at which the outbreak was based initially allowed NHDHHS investigators to review medical records, but later refused access and filed a court petition for protective order. We report on the arguments and resolution of this legal challenge to public health authority in New Hampshire.

LEGAL CHALLENGE

On May 15, 2012, a hospital in New Hampshire reported a cluster of HCV infections. NHDHHS launched an investigation¹⁵ to determine the timing and possible source of infection. The investigation included a review of medical records of all patients identified as cases as well as certain other patients who were potentially exposed to HCV at the hospital. NHDHHS investigators reviewed EMRs on site at the hospital and extracted only relevant patient information. The investigators reviewed the medical records of 135 patients on 10 dates from May through July 2012. NHDHHS requested additional site visits to the hospital to conduct medical record reviews in August, some of which the hospital agreed to but later postponed and eventually refused. Finally, despite being provided justification for NHDHHS record access, on August 29, 2012, the hospital filed a lawsuit in New Hampshire Superior Court requesting that the court issue an order protecting the hospital from the demands for medical record review made by NHDHHS. The hospital requested that the court declare that the New Hampshire statute concerning investigations of communicable disease incidents did not grant NHDHHS authority to review medical records without prior patient consent and notice to the hospital of the specific records and information to be reviewed, including the patient's name, the approximate dates of the medical records sought, the portion of the medical record for which review was sought, and an explanation of why the information sought was the minimum necessary.¹⁶ In response to the hospital's lawsuit, NHDHHS filed an objection to the hospital's request for a protective order and a motion for an expedited hearing,¹⁷ which was then scheduled for October 17, 2012. All investigative activities relying on medical record review ceased until resolution of the dispute on October 31, 2012 (Figure).

Outbreak investigation timeline of a hepatitis C virus outbreak at a New Hampshire hospital, 2012

HOSPITAL ARGUMENTS AGAINST ACCESS TO RECORDS

The two primary arguments set forth by the hospital in its motion for protective order were that NHDHHS access to the entire EMR (1) would violate various privacy laws that protect certain types of health information and (2) was inconsistent with statutory obligations to retain only the minimum amount of information necessary, because NHDHHS would have access to more information than was necessary to conduct the investigation.

Violation of privacy laws argument

The hospital claimed that NHDHHS requested access to medical records without regard to federal and state patient privacy rights. The hospital further claimed that releasing an entire medical record for inspection without legally required limitations and, in some instances, patient consent, violated HIPAA,³ the federal Public Health Service Act and its regulations,¹⁸ New Hampshire state laws requiring patient consent to release confidential information in general,^19,20 and, more specifically, state laws protecting medical information related to certain types of health care.^21–24 The hospital sought a declaration from the court requiring NHDHHS to provide the list of requested medical records in advance to allow the hospital to review the patients' medical records and determine whether or not the records contained sensitive health information that NHDHHS was not entitled to view without the patient's specific written consent.

Violation of obligation to retain minimum necessary argument

The hospital's second argument claimed that NHDHHS was requesting unfettered access to medical records regardless of the records' relevance to the investigation, and that access to the entire EMR was inconsistent with NHDHHS statutory obligations to retain only the minimum amount of information necessary. The hospital argued that as a “covered entity,”²⁵ an entity that must adhere to HIPAA, it was bound to comply with the statute's “minimum necessary” requirements and only release information reasonably necessary to accomplish the purpose for which the request was made.²⁶ In addition to HIPAA, the hospital cited the New Hampshire Communicable Disease law, which authorizes NHDHHS to conduct communicable disease investigations, but requires NHDHHS to retain the minimum amount of information necessary to conduct such an investigation.²⁷ The hospital asked the Court to declare that NHDHHS did not have the right to access an entire medical record because not all of the information contained in the record would be relevant to the investigation.

STATE ARGUMENTS FOR ACCESS TO RECORDS

Response to the hospital's violation of privacy rules argument

A summary of relevant laws and regulations that authorize NHDHHS to access medical records is provided in the Table. The state argued that New Hampshire state laws and regulations allow NHDHHS to conduct investigations and review individual medical records in a disease incident.^27–29 To allow for efficient flow of health information, the state pointed out that state law removes the physician-patient privilege that would otherwise prevent a physician from being required to disclose patient information,³⁰ and HIPAA expressly states that its privacy provisions do not apply to procedures established by state law that provide for public health surveillance, investigation, or intervention.^4–6 Furthermore, the state cited New Hampshire state law that places the authority to determine whether or not a public health investigation is necessary to protect the public, and the scope of such investigation with the commissioner or designee of NHDHHS, not the health-care provider.^27,31 The state argued that allowing the hospital to demand conclusive proof that a medical record was definitively linked to the outbreak prior to providing access would confer a gatekeeping function to the health-care provider that was not intended by the statute.³² The state added that allowing health-care providers to serve as gatekeepers could compromise investigations, especially those investigations involving potential patient harm (e.g., infection) at the hands of the health-care provider.

Table.

State and federal statutes and regulations that authorize the New Hampshire Department of Health and Human Services to access medical records during investigations

graphic file with name 16_LawTable.jpg

Open in a new tab

^aPub. L. No. 104-191, 110 Stat. 1936 (1996). HIPAA was an act to improve the efficiency of health-care delivery through standardizing information sharing. The act directed the U.S. Department of Health and Human Services to develop privacy provisions through regulations.

NHDHHS = New Hampshire Department of Health and Human Services

HIPAA = Health Insurance Portability and Accountability Act of 1996

Regarding violation of New Hampshire state privacy laws, the state pointed out that some of the health information protection statutes cited by the hospital expressly allow for disclosure of information where provided by other state law, such as the Communicable Disease reporting law.^19,20 The statutes that address unique records or facility types (e.g., genetic testing and behavioral health) did not apply to the hospital.

Response to the hospital's violation of obligation to retain minimum necessary argument

The state argued that because disclosure to NHDHHS for public health purposes is required by New -Hampshire state law,⁵ the minimum necessary rule under HIPAA does not apply³³ and HIPAA imposes no further requirements.³¹ HIPAA expressly states that the covered entity may rely on a public official's determination as to the necessary information for the public health purpose.^26,34 The state described how public health officials routinely use standard epidemiologic methods for outbreak response to determine the amount of information necessary to collect, which may vary across outbreaks depending on the characteristics of the disease involved and the objectives of the response. The state pointed out to the court that, to ensure only relevant information was retained in this investigation, NHDHHS developed data collection tools to extract and record targeted information from the EMR. The state added that the alternative to accessing the EMR directly would have been to request large volumes of paper medical records, which would have resulted in the collection of more information than necessary.

JUDICIAL RULING AND INVESTIGATION COMPLETION

Following a hearing and submission of supplemental memoranda, and in a decision dated October 31, 2012,³⁵ the court denied the hospital's motion for a protective order and affirmed NHDHHS's authority to access entire medical records during the investigation. The court acknowledged that federal and New Hampshire state laws allow for disclosure of information to NHDHHS. Regarding the hospital's claim that NHDHHS was collecting more than the minimum amount of information necessary, the court noted that other laws, such as the federal wiretap statute,³⁶ also invoke a minimum information necessary standard and similarly provide broad access to information but rely on officials to exercise discretion in determining the minimum amount necessary to retain. In the wiretap example, authorities may observe nonrelevant information but are required to conduct the investigation in a manner that minimizes intrusions and retain only relevant information. The court recognized that, contrary to the hospital's claim, the evidence demonstrated that NHDHHS employed specific methods and trained employees to avoid collecting medical records that were not pertinent to the investigation.

After a delay that took four months (from the time the hospital refused site visits to the time a mutually agreeable date for a hospital site visit could be arranged after court resolution), NHDHHS was able to complete the investigation by conducting EMR reviews for an additional 43 potentially exposed patients to ensure no other patients had been infected. A total of 178 EMRs were reviewed during the investigation and 32 patients were confirmed to have acquired HCV infection at the hospital. The investigation concluded with a final report released by NHDHHS in June 2013,¹⁵ one year after identification of the outbreak.

IMPLICATIONS FOR PUBLIC HEALTH LAW AND POLICY

Few court cases have challenged public health authority to access protected health information. With the exception of the initiation of named-based reporting for human immunodeficiency virus in the late 1990s, public health reporting laws had gone mostly unchallenged for decades.^14,37 Had the court in this case found in favor of the hospital and issued a protective order limiting NHDHHS access to medical records, NHDHHS's ability to protect the public's health would have been diminished in the HCV outbreak because the investigation was not yet complete, and likely in future investigations because the finding would have set a precedent in New Hampshire. While a finding in favor of the hospital by the Superior Court in New Hampshire would not serve as a precedent to courts in other states, it could have encouraged similar challenges to public health medical record access in other jurisdictions.

This case serves as a reminder to public health officials to ensure that their jurisdiction's statutory language regarding access to medical records is sufficient to support public health investigations and to withstand legal challenges from entities that hold the records. This case also highlights the important obligation of public health officials to institute safeguards to build provider and public trust in public health's commitment to collect information for legitimate purposes, retain the minimum amount necessary, and maintain it confidentially.³⁸ As technology evolves, the availability of electronic data presents an opportunity for public health officials to conduct timely and efficient outbreak responses. Laws and regulations may need to be updated to account for new technologies and should include safeguards to protect electronic information.^1,14,39

Because New Hampshire and federal laws clearly authorize public health access to medical records, the court resolved this aspect of the case simply in its decision. In contrast, the “minimum necessary” aspect of the case was the primary point of discussion in legal documents, the hearing, and the court's final order. NHDHHS strongly advocated for broad access to medical records, which the court eventually supported in its decision, citing the federal wiretap statute as an example of providing broad access and relying on the professional discretion of the investigators to collect only the minimum records necessary. Public health officials have an ethical and legal obligation to collect only the minimum information necessary, and they make these determinations in their daily work for each investigation. The amount of records necessary in a particular investigation depends on the circumstances. It could be as little as asking a health-care provider questions by phone or requesting access to the entire medical record.

Several safeguards apply to a public health official's request for private health information, including legislative authority, administrative policies, the releasing organization's evaluation of the request, and judicial intervention. The statutes and regulations that authorize public health access to records may provide instruction on the limitations of the authority. The policies, procedures, and management structure at the public health agency also provide oversight to investigation activities. The health-care provider to whom the request for records is made should be provided with an explanation of the need for and scope of the investigation to build trust and allow the health-care provider to evaluate the justification for record access. Where electronic access is provided, there is an additional safeguard in the EMR audit trail, which typically lists what parts of the record the public health official accessed.

In rare cases such as this one in New Hampshire, court intervention may be necessary to resolve a dispute, but it comes at a great cost: delay in protecting the public from potentially life-threatening diseases. Early in this investigation, the hospital had cooperated with NHDHHS. After the likely source of the outbreak was identified, NHDHHS's investigation continued to identify additional HCV infections linked to the outbreak, in part by using patient medical records. As the number of cases increased, the relationship between the hospital and NHDHHS deteriorated and the hospital hired outside legal counsel to help manage its participation in the outbreak investigation, which had quickly resulted in litigation and national media attention. The hospital's proffered reason for legal action was to protect its patients from having their records reviewed by NHDHHS and to protect itself from HIPAA violation claims made by patients.

Although this case delayed investigation activities and consumed limited public health and legal resources with the burden of developing court arguments, it presented an opportunity to educate hospital partners, the court system, and attorneys about the importance of public health authority. Public health officials in other jurisdictions should consider opportunities to proactively provide education on the role of public health to the court system, state attorneys responsible for defending public health authority, and legislators, as these professions are unlikely to receive formal education on this topic.⁴⁰

Rather than risking delay in outbreak investigations such as occurred in New Hampshire, public health agencies should review local laws and regulations prior to events, strengthen statutory language and incorporate new technologies where needed, and foster a common understanding of the authority and roles among public health partners, the court system, and state officials.

Footnotes

The authors thank Anne Edwards, Associate Attorney General of the New Hampshire Department of Justice, and Frank Nachman, Chief Legal Counsel for the New Hampshire Department of Health and Human Services (NHDHHS), for their contributions to the legal arguments presented to the court on behalf of the State of New Hampshire.

The findings and conclusions in this article are those of the authors and do not necessarily represent the views of the agencies with which the authors are affiliated.

REFERENCES

1.Gostin LO, Hodge JG, Jr, Valdisseri RO. Informational privacy and the public's health: the Model State Public Health Privacy Act. Am J Public Health. 2001;91:1388–92. doi: 10.2105/ajph.91.9.1388. [DOI] [PMC free article] [PubMed] [Google Scholar]
2.Hodge JG, Jr, Gostin KG. Challenging themes in American health information privacy and the public's health: historical and modern assessments. J Law Med Ethics. 2004;32:670–9. doi: 10.1111/j.1748-720x.2004.tb01972.x. [DOI] [PubMed] [Google Scholar]
3. Pub. L. No. 104-191, 110 Stat. 1936 (1996)
4. 42 U.S.C. §1320d-7(b) (1996)
5. 45 C.F.R. §160.203 (2000)
6. 45 C.F.R. §164.512 (2000)
7.Teutsch SM, Churchill RE. Principles and practice of public health surveillance. 2nd ed. New York: Oxford University Press; 2000. [Google Scholar]
8. Holmes v. Jennison, 39 U.S. 540 (1840)
9. Whalen v. Roe, 429 U.S. 589 (1977) [PubMed]
10. Jacobson v. Com. of Massachusetts, 197 U.S. 11 (1905)
11.Gostin LO. Jacobson v Massachusetts at 100 years: police power and civil liberties in tension. Am J Public Health. 2005;95:576–81. doi: 10.2105/AJPH.2004.055152. [DOI] [PMC free article] [PubMed] [Google Scholar]
12.Hodge JG., Jr Health information privacy and public health. J Law Med Ethics. 2003;31:663–71. doi: 10.1111/j.1748-720x.2003.tb00133.x. [DOI] [PubMed] [Google Scholar]
13.Parmet WE, Daynard RA. The new public health litigation. Annu Rev Public Health. 2000;21:437–54. doi: 10.1146/annurev.publhealth.21.1.437. [DOI] [PubMed] [Google Scholar]
14.O'Connor J, Matthews G. Informational privacy, public health, and state laws. Am J Public Health. 2011;101:1845–50. doi: 10.2105/AJPH.2011.300206. [DOI] [PMC free article] [PubMed] [Google Scholar]
15.New Hampshire Department of Health and Human Services, Division of Public Health Services. State of New Hampshire hepatitis C outbreak investigation, Exeter Hospital, public report 2013 [cited 2014 Jun 9] Available from: URL: http://www.dhhs.state.nh.us/dphs/cdcs/hepatitisc/documents/hepc-outbreak-rpt.pdf.
16. Exeter Hospital, Inc. v. Dr. Sharon Alroy-Preis, No. 217-2012-CV-00617. (N.H. S. Ct. Oct. 31, 2012)
17.New Hampshire Department of Justice, Office of the Attorney General. Pleadings filed in response to Exeter Hospital's request for a protective order. 2012 Oct 2 [cited 2015 Feb 10] Available from: URL: http://doj.nh.gov/media-center/press-releases/2012/20121002-exeter-pleadings.htm.
18. 42 C.F.R. Part 2, §2 (1987)
19. N.H. Rev. Stat. Ann. §151:21 (2013)
20. N.H. Rev. Stat. Ann. §332-I (2013)
21. N.H. Rev. Stat. Ann. §141-H (2013)
22. N.H. Rev. Stat. Ann. §135-C (2013)
23. N.H. Rev. Stat. Ann. §141-F (2013)
24. N.H. Rev. Stat. Ann. §172:8-a (2013)
25. 45 C.F.R. §160.103 (2000)
26. 45 C.F.R. §164.514 (2000)
27. N.H. Rev. Stat. Ann. §141-C:9 (2013)
28. N.H. Rev. Stat. Ann. §141-C:3 (2013)
29. N.H. Code Admin. R. He-P 301.07(b)(5) #8242 (2008)
30. N.H. Rev. Stat. Ann. §141-C:10 (2013)
31. N.H. Rev. Stat. Ann. §141-C:4 (2013)
32. Ohio Legal Rights Serv. v. Buckeye Ranch, Inc., 365 F. Supp. 2d 877, 885 (2005)
33. 45 C.F.R. §164.502 (2000)
34.Thacker SB. HIPAA privacy rule and public health: guidance from CDC and the U.S. Department of Health and Human Services. MMWR Morb Mortal Wkly Rep. 2003;52:1–12. [PubMed] [Google Scholar]
35.N.H. S.C. Notice of decision. Exeter Hospital, Inc. v. Dr. Sharon Alroy-Preis, No. 217-2012-CV-00617. 2012 [cited 2015 Feb 10] Available from: URL: http://doj.nh.gov/media-center/press-releases/2012/documents/exeter-hospital-order.pdf.
36. 18 U.S.C. §2518 (1986)
37.Bayer R, Fairchild A. The limits of privacy: surveillance and the control of disease. Health Care Anal. 2002;10:19–35. doi: 10.1023/A:1015698411824. [DOI] [PubMed] [Google Scholar]
38.El Emam K, Mercer J, Moreau K, Grava-Gubins I, Buckeridge D, Jonker E. Physician privacy concerns when disclosing patient data for public health purposes during a pandemic influenza outbreak. BMC Public Health. 2011;11:454. doi: 10.1186/1471-2458-11-454. [DOI] [PMC free article] [PubMed] [Google Scholar]
39.Coker R. Communicable disease control and contemporary themes in public health law. Public Health. 2006;(120 Suppl):23–9. doi: 10.1016/j.puhe.2006.07.010. [DOI] [PubMed] [Google Scholar]
40.Kromm JN, Frattaroli S, Vernick JS, Teret SP. Public health advocacy in the courts: opportunities for public health professionals. Public Health Rep. 2009;124:889–94. doi: 10.1177/003335490912400618. [DOI] [PMC free article] [PubMed] [Google Scholar]

[B1] 1.Gostin LO, Hodge JG, Jr, Valdisseri RO. Informational privacy and the public's health: the Model State Public Health Privacy Act. Am J Public Health. 2001;91:1388–92. doi: 10.2105/ajph.91.9.1388. [DOI] [PMC free article] [PubMed] [Google Scholar]

[B2] 2.Hodge JG, Jr, Gostin KG. Challenging themes in American health information privacy and the public's health: historical and modern assessments. J Law Med Ethics. 2004;32:670–9. doi: 10.1111/j.1748-720x.2004.tb01972.x. [DOI] [PubMed] [Google Scholar]

[B3] 3. Pub. L. No. 104-191, 110 Stat. 1936 (1996)

[B4] 4. 42 U.S.C. §1320d-7(b) (1996)

[B5] 5. 45 C.F.R. §160.203 (2000)

[B6] 6. 45 C.F.R. §164.512 (2000)

[B7] 7.Teutsch SM, Churchill RE. Principles and practice of public health surveillance. 2nd ed. New York: Oxford University Press; 2000. [Google Scholar]

[B8] 8. Holmes v. Jennison, 39 U.S. 540 (1840)

[B9] 9. Whalen v. Roe, 429 U.S. 589 (1977) [PubMed]

[B10] 10. Jacobson v. Com. of Massachusetts, 197 U.S. 11 (1905)

[B11] 11.Gostin LO. Jacobson v Massachusetts at 100 years: police power and civil liberties in tension. Am J Public Health. 2005;95:576–81. doi: 10.2105/AJPH.2004.055152. [DOI] [PMC free article] [PubMed] [Google Scholar]

[B12] 12.Hodge JG., Jr Health information privacy and public health. J Law Med Ethics. 2003;31:663–71. doi: 10.1111/j.1748-720x.2003.tb00133.x. [DOI] [PubMed] [Google Scholar]

[B13] 13.Parmet WE, Daynard RA. The new public health litigation. Annu Rev Public Health. 2000;21:437–54. doi: 10.1146/annurev.publhealth.21.1.437. [DOI] [PubMed] [Google Scholar]

[B14] 14.O'Connor J, Matthews G. Informational privacy, public health, and state laws. Am J Public Health. 2011;101:1845–50. doi: 10.2105/AJPH.2011.300206. [DOI] [PMC free article] [PubMed] [Google Scholar]

[B15] 15.New Hampshire Department of Health and Human Services, Division of Public Health Services. State of New Hampshire hepatitis C outbreak investigation, Exeter Hospital, public report 2013 [cited 2014 Jun 9] Available from: URL: http://www.dhhs.state.nh.us/dphs/cdcs/hepatitisc/documents/hepc-outbreak-rpt.pdf.

[B16] 16. Exeter Hospital, Inc. v. Dr. Sharon Alroy-Preis, No. 217-2012-CV-00617. (N.H. S. Ct. Oct. 31, 2012)

[B17] 17.New Hampshire Department of Justice, Office of the Attorney General. Pleadings filed in response to Exeter Hospital's request for a protective order. 2012 Oct 2 [cited 2015 Feb 10] Available from: URL: http://doj.nh.gov/media-center/press-releases/2012/20121002-exeter-pleadings.htm.

[B18] 18. 42 C.F.R. Part 2, §2 (1987)

[B19] 19. N.H. Rev. Stat. Ann. §151:21 (2013)

[B20] 20. N.H. Rev. Stat. Ann. §332-I (2013)

[B21] 21. N.H. Rev. Stat. Ann. §141-H (2013)

[B22] 22. N.H. Rev. Stat. Ann. §135-C (2013)

[B23] 23. N.H. Rev. Stat. Ann. §141-F (2013)

[B24] 24. N.H. Rev. Stat. Ann. §172:8-a (2013)

[B25] 25. 45 C.F.R. §160.103 (2000)

[B26] 26. 45 C.F.R. §164.514 (2000)

[B27] 27. N.H. Rev. Stat. Ann. §141-C:9 (2013)

[B28] 28. N.H. Rev. Stat. Ann. §141-C:3 (2013)

[B29] 29. N.H. Code Admin. R. He-P 301.07(b)(5) #8242 (2008)

[B30] 30. N.H. Rev. Stat. Ann. §141-C:10 (2013)

[B31] 31. N.H. Rev. Stat. Ann. §141-C:4 (2013)

[B32] 32. Ohio Legal Rights Serv. v. Buckeye Ranch, Inc., 365 F. Supp. 2d 877, 885 (2005)

[B33] 33. 45 C.F.R. §164.502 (2000)

[B34] 34.Thacker SB. HIPAA privacy rule and public health: guidance from CDC and the U.S. Department of Health and Human Services. MMWR Morb Mortal Wkly Rep. 2003;52:1–12. [PubMed] [Google Scholar]

[B35] 35.N.H. S.C. Notice of decision. Exeter Hospital, Inc. v. Dr. Sharon Alroy-Preis, No. 217-2012-CV-00617. 2012 [cited 2015 Feb 10] Available from: URL: http://doj.nh.gov/media-center/press-releases/2012/documents/exeter-hospital-order.pdf.

[B36] 36. 18 U.S.C. §2518 (1986)

[B37] 37.Bayer R, Fairchild A. The limits of privacy: surveillance and the control of disease. Health Care Anal. 2002;10:19–35. doi: 10.1023/A:1015698411824. [DOI] [PubMed] [Google Scholar]

[B38] 38.El Emam K, Mercer J, Moreau K, Grava-Gubins I, Buckeridge D, Jonker E. Physician privacy concerns when disclosing patient data for public health purposes during a pandemic influenza outbreak. BMC Public Health. 2011;11:454. doi: 10.1186/1471-2458-11-454. [DOI] [PMC free article] [PubMed] [Google Scholar]

[B39] 39.Coker R. Communicable disease control and contemporary themes in public health law. Public Health. 2006;(120 Suppl):23–9. doi: 10.1016/j.puhe.2006.07.010. [DOI] [PubMed] [Google Scholar]

[B40] 40.Kromm JN, Frattaroli S, Vernick JS, Teret SP. Public health advocacy in the courts: opportunities for public health professionals. Public Health Rep. 2009;124:889–94. doi: 10.1177/003335490912400618. [DOI] [PMC free article] [PubMed] [Google Scholar]

PERMALINK

Taken to Court: Defending Public Health Authority to Access Medical Records During an Outbreak Investigation

Elizabeth R Daly, MPH

Jeanne P Herrick, JD

Elizabeth X Maynard, JD

José T Montero, MD, MHCDS

Christine Adamski, MSN

Jodie Dionne-Odom, MD

Elizabeth A Talbot, MD

Sharon Alroy-Preis, MD, MPH

LEGAL CHALLENGE

Figure.

HOSPITAL ARGUMENTS AGAINST ACCESS TO RECORDS

Violation of privacy laws argument

Violation of obligation to retain minimum necessary argument

STATE ARGUMENTS FOR ACCESS TO RECORDS

Response to the hospital's violation of privacy rules argument

Table.

Response to the hospital's violation of obligation to retain minimum necessary argument

JUDICIAL RULING AND INVESTIGATION COMPLETION

IMPLICATIONS FOR PUBLIC HEALTH LAW AND POLICY

Footnotes

REFERENCES

ACTIONS

PERMALINK

RESOURCES

Cite

Add to Collections

PERMALINK

Taken to Court: Defending Public Health Authority to Access Medical Records During an Outbreak Investigation

Elizabeth R Daly, MPH

Jeanne P Herrick, JD

Elizabeth X Maynard, JD

José T Montero, MD, MHCDS

Christine Adamski, MSN

Jodie Dionne-Odom, MD

Elizabeth A Talbot, MD

Sharon Alroy-Preis, MD, MPH

LEGAL CHALLENGE

Figure.

HOSPITAL ARGUMENTS AGAINST ACCESS TO RECORDS

Violation of privacy laws argument

Violation of obligation to retain minimum necessary argument

STATE ARGUMENTS FOR ACCESS TO RECORDS

Response to the hospital's violation of privacy rules argument

Table.

Response to the hospital's violation of obligation to retain minimum necessary argument

JUDICIAL RULING AND INVESTIGATION COMPLETION

IMPLICATIONS FOR PUBLIC HEALTH LAW AND POLICY

Footnotes

REFERENCES

ACTIONS

PERMALINK

RESOURCES

Similar articles

Cited by other articles

Links to NCBI Databases